package org.example.fastproject.core.security;

import org.example.fastproject.web.sys.service.SysCacheService;
import org.example.fastproject.web.sys.service.SysPermissionService;
import org.example.fastproject.web.sys.service.SysUserService;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.access.AccessDeniedHandler;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.util.PathMatcher;

import javax.annotation.Resource;

/**
 * @Author 王海舟
 * @Date 2023/1/18 11:05
 * @PackageName:org.example.fastproject.core.security
 * @ClassName: SecurityConfig
 * @Description: security配置类
 * @Version 1.0
 */
@Configuration
@EnableGlobalMethodSecurity(
        prePostEnabled = true,
        securedEnabled = false,
        jsr250Enabled = false)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Resource
    private AccessDeniedHandler accessDeniedHandler;

    @Resource
    private AuthenticationEntryPoint authenticationEntryPoint;

    @Resource
    private SysCacheService cacheService;

    @Resource
    private PathMatcher pathMatcher;

    @Resource
    private SecurityProperties properties;

    @Resource
    private SysUserService userService;

    @Resource
    private SysPermissionService permissionService;

    @Override
    public void configure(WebSecurity web) throws Exception {
        //设置忽略匹配路径
        if(properties.getIgnore().isEnable())
            web.ignoring().antMatchers(properties.getIgnore().getUrls());
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // 关闭csrf
        http.csrf().disable();
        // 关闭cors
        http.cors().disable();
        // 关闭自动创建session
        http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
        // option请求放行
        http.authorizeRequests().antMatchers(HttpMethod.OPTIONS).permitAll();
        // 设置认证访问
        http.authorizeRequests().anyRequest().authenticated();
        //设置异常处理（认证失败和访问拒绝）
        http.exceptionHandling()
                .accessDeniedHandler(accessDeniedHandler)
                .authenticationEntryPoint(authenticationEntryPoint);
        //添加token认证过滤器
        http.addFilterAt(
                new TokenAuthenticationFilter(cacheService,pathMatcher,properties,userService,permissionService),
                UsernamePasswordAuthenticationFilter.class);
    }
}
